ASB-A-274058082

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-274058082.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-274058082
Aliases
Published
2023-10-01T00:00:00Z
Modified
2026-04-27T15:40:08.012512Z
Summary
[none]
Details

In androidviewInputDevicecreate of androidview_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2023-10-01

Affected versions

Other
14-next

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "125676492766106711951596617785195971855",
                    "185879384200682738715378114506687516778",
                    "338104229701745523250922630123558121720",
                    "164483218690317520296748166909634886132",
                    "241981070728565826920380962268949800827",
                    "20744690058626963785589292893573941149",
                    "194452586477869734798399918003040292452",
                    "136458635348825470205537341173414825837"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b",
            "id": "ASB-A-274058082-049482b7",
            "target": {
                "file": "core/jni/android_view_InputDevice.cpp"
            }
        },
        {
            "deprecated": false,
            "digest": {
                "length": 1531.0,
                "function_hash": "158139996614015754754528683268877777485"
            },
            "signature_type": "Function",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b",
            "id": "ASB-A-274058082-c4715c80",
            "target": {
                "function": "android_view_InputDevice_create",
                "file": "core/jni/android_view_InputDevice.cpp"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-274058082.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-10-01

Affected versions

Other
11

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "230305232859421759719948898271091435181",
                    "175698175548647830746462066481850780724",
                    "48609923683176244895431102128720532167",
                    "218957895753685007551547150603647047350"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/aaaba6cf190d976efdc5db6c78997dbdc9214c15",
            "id": "ASB-A-274058082-0312669d",
            "target": {
                "file": "core/jni/android_view_InputDevice.cpp"
            }
        },
        {
            "deprecated": false,
            "digest": {
                "length": 1611.0,
                "function_hash": "264988005883883338717759010747986694755"
            },
            "signature_type": "Function",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/aaaba6cf190d976efdc5db6c78997dbdc9214c15",
            "id": "ASB-A-274058082-12ed3f18",
            "target": {
                "function": "android_view_InputDevice_create",
                "file": "core/jni/android_view_InputDevice.cpp"
            }
        },
        {
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "305811479980129423563913840842893721562",
                    "199507713459967536283705882506495094259",
                    "164483218690317520296748166909634886132",
                    "241981070728565826920380962268949800827",
                    "20744690058626963785589292893573941149",
                    "194452586477869734798399918003040292452",
                    "136458635348825470205537341173414825837"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/4b3c4620166071561ec44961fb08a56676b4fd6c",
            "id": "ASB-A-274058082-590a4d19",
            "target": {
                "file": "core/jni/android_view_InputDevice.cpp"
            }
        },
        {
            "deprecated": false,
            "digest": {
                "length": 1482.0,
                "function_hash": "279694627074942626613480915343931525335"
            },
            "signature_type": "Function",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/4b3c4620166071561ec44961fb08a56676b4fd6c",
            "id": "ASB-A-274058082-b2af2b90",
            "target": {
                "function": "android_view_InputDevice_create",
                "file": "core/jni/android_view_InputDevice.cpp"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/4b3c4620166071561ec44961fb08a56676b4fd6c",
        "https://android.googlesource.com/platform/frameworks/base/+/aaaba6cf190d976efdc5db6c78997dbdc9214c15"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-274058082.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-10-01

Affected versions

Other
12

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "deprecated": false,
            "digest": {
                "length": 1531.0,
                "function_hash": "158139996614015754754528683268877777485"
            },
            "signature_type": "Function",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b",
            "id": "ASB-A-274058082-1c277084",
            "target": {
                "function": "android_view_InputDevice_create",
                "file": "core/jni/android_view_InputDevice.cpp"
            }
        },
        {
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "125676492766106711951596617785195971855",
                    "185879384200682738715378114506687516778",
                    "338104229701745523250922630123558121720",
                    "164483218690317520296748166909634886132",
                    "241981070728565826920380962268949800827",
                    "20744690058626963785589292893573941149",
                    "194452586477869734798399918003040292452",
                    "136458635348825470205537341173414825837"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b",
            "id": "ASB-A-274058082-842a1e12",
            "target": {
                "file": "core/jni/android_view_InputDevice.cpp"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-274058082.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-10-01

Affected versions

Other
12L

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "125676492766106711951596617785195971855",
                    "185879384200682738715378114506687516778",
                    "338104229701745523250922630123558121720",
                    "164483218690317520296748166909634886132",
                    "241981070728565826920380962268949800827",
                    "20744690058626963785589292893573941149",
                    "194452586477869734798399918003040292452",
                    "136458635348825470205537341173414825837"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b",
            "id": "ASB-A-274058082-ced6b9b1",
            "target": {
                "file": "core/jni/android_view_InputDevice.cpp"
            }
        },
        {
            "deprecated": false,
            "digest": {
                "length": 1531.0,
                "function_hash": "158139996614015754754528683268877777485"
            },
            "signature_type": "Function",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b",
            "id": "ASB-A-274058082-f794cb00",
            "target": {
                "function": "android_view_InputDevice_create",
                "file": "core/jni/android_view_InputDevice.cpp"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-274058082.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-10-01

Affected versions

Other
13

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "deprecated": false,
            "digest": {
                "length": 1531.0,
                "function_hash": "158139996614015754754528683268877777485"
            },
            "signature_type": "Function",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b",
            "id": "ASB-A-274058082-a3b35f74",
            "target": {
                "function": "android_view_InputDevice_create",
                "file": "core/jni/android_view_InputDevice.cpp"
            }
        },
        {
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "125676492766106711951596617785195971855",
                    "185879384200682738715378114506687516778",
                    "338104229701745523250922630123558121720",
                    "164483218690317520296748166909634886132",
                    "241981070728565826920380962268949800827",
                    "20744690058626963785589292893573941149",
                    "194452586477869734798399918003040292452",
                    "136458635348825470205537341173414825837"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b",
            "id": "ASB-A-274058082-e58565d9",
            "target": {
                "file": "core/jni/android_view_InputDevice.cpp"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-274058082.json"